Closed Bug 319082 Opened 19 years ago Closed 19 years ago

"new Bugzilla::User($uid)" allows you to pass invalid $uid

Categories

(Bugzilla :: Bugzilla-General, defect)

2.20
defect
Not set
normal

RESOLVED FIXED
Bugzilla 2.20

People

(Reporter: LpSolit, Assigned: LpSolit)

Attachments

(1 file, 1 obsolete file)

new() in User.pm doesn't make sure that its parameter is a valid integer. This allows me to edit a user with ID = "1k"! Well, PostgreSQL complains, but MySQL is happy with that:

mysql> select bug_id from bugs where bug_id="1k";
+--------+
| bug_id |
+--------+
|      1 |
+--------+
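
An added illustration of the behaviour described in the report above (not Bugzilla's code and not the attached patch): it contrasts a lenient, MySQL-style numeric cast with a strict whole-string check on a user ID. The helper names validate_user_id and mysql_style_cast are hypothetical, the cast is an approximation of the integer-prefix behaviour shown in the query output, and the sample inputs are constructed.

```perl
#!/usr/bin/perl
# Added example, not Bugzilla code. validate_user_id() and mysql_style_cast()
# are hypothetical helpers; @samples is constructed test data.
use strict;
use warnings;

# Strict check: the entire string must be 1-9 ASCII decimal digits and the
# resulting value must be positive. Returns the integer, or nothing on failure.
sub validate_user_id {
    my ($raw) = @_;
    return unless defined $raw;
    # \A ... \z anchor the whole string; "$" would still accept "1\n".
    return unless $raw =~ /\A[0-9]{1,9}\z/;
    my $id = $raw + 0;
    return $id > 0 ? $id : ();
}

# Approximation of the lenient comparison in the report: only the leading
# integer prefix is used, trailing characters are ignored, and a string
# without a numeric prefix becomes 0.
sub mysql_style_cast {
    my ($raw) = @_;
    return 0 unless defined $raw;
    return $raw =~ /\A\s*([+-]?[0-9]+)/ ? $1 + 0 : 0;
}

# Constructed inputs: one valid ID and several strings that a lenient cast
# would silently map onto some row's ID.
my @samples = ('1', '1k', 'ddd', ' 1', "1\n", '1 OR 1=1', '01', '-1', '');

for my $raw (@samples) {
    (my $shown = $raw) =~ s/\n/\\n/g;          # make the newline visible
    my $strict = validate_user_id($raw);
    printf "%-12s lenient=%-3d strict=%s\n",
        "'$shown'", mysql_style_cast($raw),
        defined $strict ? $strict : 'REJECTED';
}
```

Only the value returned by the strict check should reach the database, and then as a bound parameter rather than interpolated into the SQL string.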
Attached patch patch, v1 (obsolete) — Splinter Review
Assignee: general → LpSolit
Status: NEW → ASSIGNED
Attachment #204989 - Flags: review?(bugreport)
Does this fix bug 319090, too?
Blocks: 319090
Attachment #204989 - Flags: review?(mkanat)
Comment on attachment 204989 [details] [diff] [review]
patch, v1

I like the code, it looks fine. But I preferred the old error message, because it gave more information.
Attachment #204989 - Flags: review?(mkanat) → review-
Attached patch patch, v2 — Splinter Review
I'm now leaving the actual error message as is.
Attachment #204989 - Attachment is obsolete: true
Attachment #205554 - Flags: review?(mkanat)
Attachment #204989 - Flags: review?(bugreport)
FYI, an easy way to test my patch is to go to editusers.cgi?action=edit&userid=ddd.
Attachment #205554 - Flags: review?(wurblzap)
Comment on attachment 205554 [details] [diff] [review]
patch, v2

Yes, looks fine to me.
Attachment #205554 - Flags: review?(mkanat) → review+
Flags: approval?
Flags: approval2.20?
Attachment #205554 - Flags: review?(wurblzap)
Flags: approval?
Flags: approval2.20?
Flags: approval2.20+
Flags: approval+
tip:

Checking in Bugzilla/User.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/User.pm,v  <--  User.pm
new revision: 1.98; previous revision: 1.97
done

2.20:

Checking in Bugzilla/User.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/User.pm,v  <--  User.pm
new revision: 1.61.2.14; previous revision: 1.61.2.13
done
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED